<*
Tag space supporting HIPAA compliant policies. Appendix to the paper
"DataTags, Data Handling Policy Spaces and the Tags Language".
*>
DataTags[Root of the tag space]: consists of Handling, DataType, DUA, IP.

Handling[Specifies dataset handling policy]: consists of Storage, Transit, Authentication.

DataType[Describes data and risk related to it]: consists of <*Standards,*> Effort, Harm, Basis.

DUA[Terms and handling for data use agreements]: consists of
    TimeLimit, Sharing, Reidentify, Publication, Use, Acceptance, Approval.

IP[Aspects related to intellectual property]: TODO.

Storage[How are data stored on disk]: one of clear, encrypt, multiEncrypt.

Transit[How are data travelling through networks]: one of clear, encrypt.

Authentication [Credentials a user needs to provide in order to gain access to the dataset]:
  one of none[Available to anonymous individuals],
         contactable[Having an account on an external system, such as Email or OAuth],
         password[Having password accounts on system],
         twoFactor.

Effort: one of notApplicable, identified, identifiable, deIdentified, anonymous.

Harm: one of noRisk [not person-specific information or provably anonymous information],
             minimal [sufficiently de-identified information in which no person can be re-identified. example: school or academic information],
             shame [identifiable information that could damage a person's reputation or cause embarrassment if exposed],
             civil [identifiable information that could reasonably present a non-minimal risk of civil liability if exposed. examples: Social Security numbers or moderate psychological harm],
             criminal [identifiable information that could cause significant harm to an individual if exposed. examples: serious criminal liability, serious psychological harm, loss of insurability or employability],
             maxControl [segmented and sequestered even from system administrators].

TimeLimit: one of none [dataset stored indefinitely],
                  _5years [dataset deleted after five years],
                  _2years [dataset deleted after two years],
                  _1year [dataset deleted after one year].

Sharing: one of anyone, notOnline, organization, group, none.
Reidentify: one of
  contact [Data recipients may reidentify and contact data subjects],
  reidentify [Data recipients may reidentify subjects],
  noProhibition [Agreement neither allows nor prohibits reidentification],
  noPeople [Data recipients may not reidentify people whose information appears in the dataset],
  noEntities [Data recipients may not reidentify people or organizations whose information appears in the dataset],
  noMatching [Data recipients may not match the dataset against other datasets].

Publication: one of noRestriction, notify, preApprove, prohibited.
Use: one of noRestriction, research, IRB, noProduct.
Acceptance[How a user should accept the data use agreement]: one of implied,
    click [terms agreed to by clicking acknowledgement],
    signed [terms agreed to by submitting digitally signed document],
    signWithID [terms agreed to by submitting signed document and accompanying government issued ID].

Approval : one of
  none [No approval from data provider required],
  email [email approval by provider of submitted agreement],
  signed [digitally signed approval from data provider].

Basis [Additional information supporting the end result]: some of consent, agreement, HIPAASafeHarbor, HIPAAStatistician, HIPAALimitedDataset, HIPAACoveredEntity, HIPAABusinessAssociate.
